It’s a complete failure of infosec-meets-user-psychology that “this TLS certificate is issued for your bank and the server is sneaky hackerman dot com” and “this otherwise valid certificate expired a day ago” have the EXACT SAME USER EXPERIENCE.
@Quinnypig What should the user experience for an expired certificate be?
@ciphergoth Something clearly distinct from a MitM attack?
@Quinnypig Go on?